310 likes | 413 Views
Agent Privacy/ Security Akram Sarhan Western Michigan University 4-14, 2014 CS 6800. OUTLINE . Aspects of Mobile Agent Research. Distributed System Research Focus on system architectures and protocols for managing executions of mobile agent objects.
E N D
Agent Privacy/ Security Akram Sarhan Western Michigan University 4-14, 2014 CS 6800
Aspects of Mobile Agent Research • Distributed System Research • Focus on system architecturesand protocols for managing executions of mobile agent objects. • Security,fault tolerance,naming,yellow pages • Programming Languages Research • Code mobility,safety,programming constructs • Agent communication languages • Artificial Intelligence Research • Focus onintelligence,learning,andcooperation
Root of agent Technology Client/server AI Structured Programming Peer to Peer OO Mobile computing systems Distributed AI Agents
From AI to IA Artificial Intelligence (AI) (algorithm) that aims to build systems that can ultimately understand natural languages , use common sense , think creatively. [ Wooldeidge, 1999] Intelligent Agents (IA) are systems that are built in a way that they can choose right action to perform at the right moment in a very specific domain
What is an agent? • An agent is a software component (object) which carriesout tasks on behalf of its owners. in some predefinedmanner. • An agent is an autonomous software entity that cansuspend its execution,transfer itself from one networked host to another and resume execution on the new host. • Mobile Agent: composition of computer software and data which is able to migrate (move) from one computer to another autonomously in a distributed system to perform actions on behalf of its creator. • Proposed to replace the client-server • paradigm as a better, more efficient • and flexible mode of communication • Two general goals: • Reduction of network traffic • Asynchronous interaction
Why is an agent? • Agents can function independent of each other or cooperate to solve problems • Lange et al. (1999) states seven reasons why mobile agents are a good idea: 1- reducing network load • 2-executing asynchronously • and autonomously 3- encapsulating protocols • 4- overcoming network latency 5- dynamic adaptability. 6- naturally heterogeneous. 7- robustness and fault tolerance Source: Seven Good Reasons for Mobile Agents Danny B. Lange and Mitsuru Oshima
Agent vs. computer worm • A worm : program that is able to move between nodes on a network suggests intriguing possibilities for distributed computing. labeled as dangerous and therefore very undesirable. (Denning, 1989) • If however these malicious programs could be controlled and reapplied in service of computer users then the potential of a revolution in distributed computing is possible. The candidate for this revolution is called a mobile agent and its application is a mobile agent system.
Mobile Agent & Turing Machine • Host and Originators considered as a probabilistic (universal) Turing Machine • Code of Mobile Agents considered as interactive program ( description of a TM which can be simulated by UTM) • Model of an interactive Turing Machine possesses a tapecontaining the messages received from other processes . • Atape with the message sent to other processes an un-erasable coin-toss tape recording all random choices made by a Turing Machine and write-only output tape. • The content of the communication tapes is expected to be not erased by the interactive Turing machine • Source : Mobile Agents: Second International Workshop, MA'98, Stuttgart, Germany, Kurt Rotherme, Fritz Hohl
Examples of Mobile Agent Systems • TACOMA(Tux) - Mobile Agent System. Operating System Support for mobility. Tromosø and Cornell Moving Agents (TACOMA) is a joint project between the University of Tromosø, Norway and Cornell University, USA. It is primarily focused on providing operating system support for agents. • Telescript- developed by General Magic, includes an object oriented, type-safe language for agent programming. • Agent TCL is a mobile agent system created at Dartmouth College. agents are written in the Tool Command Language (Tcl), which is an embeddable scripting language that is highly portable and freely available. • Aglets is a Java based system developed by IBM. Agents are called aglets in this System. • Jade is an open source framework that aid the development of distributed application based on agent paradigm.
Applications of Agent Systems • E- Commerce – Agents act and negotiate on behalf of the user. Example: Auctions, service negotiations, etc. • Personal Assistant – acts like a remote assistant. For example, can search and book airline ticket depending on a search criteria. • Secure Brokering - Mobile agents meet and collaborate on mutually agreed secure host. • Distributed information retrieval - Agent are dispatched to remote information sources and they can perform extended searches not restricted by working hours or connectivity. • Information distribution – works on the push model. Software distributor may send software updates and versions to the user. • Parallel processing – agents can execute concurrently in a distributed system. A single task can be decomposed amongst multiple agents. • Network Security testing - Agents can be used in network intrusion detection. • Database Searches– It is efficient to send out an agent to perform a specialized search on a large database than to move big chunks of data to the client using up enormous amount of bandwidth.
Security Issues in Agent Systems • Agent environment (those allow for mobility of agents, much difficult to protect from intruders than conventional systems). • Agent paradigmlacksecurity, anonymity and untreacebility (protection against traffic analysis attacks) in open dynamic environment such as the internet • “The vision of mobile agents as the key technology for future electronic commerce applications can only become reality if all security issues are well understood and the corresponding mechanisms are in place.” Source: Rothermel et al Mobile Agent Systems: What is Missing?
Agent System Security threats Classification • Agents attacking Hosts • Hosts attacking the Agents • Malicious Agent attacking another agent • Attack by other entities
Agents Attacking Hosts • Since agents traverse multiple hosts trusted to different extents, implementing any security measure is complicated. • Lack of sufficient authentication and access control mechanism, can tamper data • Malicious agents can attack the Host , access sensitive data, steal or modify the data on the host. • No Set for resource constraints (limited computational, networking, and storage capabilities ), cause DoS attacks by exhausting computational resources and denying platform services to other agents.
Hosts Attacking The Agents • A malicious host can attack the agent, by stealing or modifying its data, corrupting or modifying its code or state, deny requested services, return false system call values, reinitialize the agent or even terminate it completely. • It can also masquerade the agent by delaying the agent until the task is no more relevant. • The Host may also analyze and reverse engineer the agent.
Malicious Agent attacking Another Agent • Attack specific to software agents: masquerading,denial of service, unauthorized access and Repudiation. • A malicious agent may invokepublic methods of another agent to interfere with its work. • Examples : • Threat to the agent owner’s personal information when an agent travels across many networks carrying personal information belonging to its owner. • An agentroams around the Internet to look for the lowest price of a air ticket; it remembers the lowest price it finds most recently • Data tampering: change of execution state of agents by malicious hosts (“brain-flush” the agent of the lowest price it remembers) • Execution tampering: change of code or execution sequence by malicious hosts (deliberately set the local price as the lowest price, and push the agent to return immediately) • In E-Commerce scenario, Agent may be carrying sensitive information like Social Security Number or Bank Account details. Agents must be secure and tamper-proof, and must not reveal information inappropriately.
Agent Attack by other entities Some other entity in the network may manipulate or eavesdrop on agent communication.
Host Protection Mechanisms 1- Sandboxing 2- Safe Interpreters 3-code signature 4-State Appraisal 5-Proof carrying code 6- Path Histories 7- Policy Management • Sandbox: • security mechanism for safely running untrusted programs • used to execute untested code, or untrusted programs from unverified third-parties (suppliers, users and websites) • Source : Wikebedia
AGENT PROTECTIONMECHANISMS • Trusted/Tamper Proof Hardware • Obfuscation • Garbled Circuit • Privacy homomorphisms • Coding Theory • Function composition
Secure Coprocessor • interfaces with main computer or server through a PCI-based interface. • complete computing system [processor, RAM, ROM, backup battery, non-volatile persistent storage, and Ethernet network card] • Secure separate storage for root keys (Keys never leave security processor) • Receiveencrypted data and returndecrypted data • Encapsulate the entire agent execution environment in which the agent executes, thus isolating the agent from the malicious host. The whole agent is not visible to the host environment. Drawback : Cost Expansive
Obfuscation • Scramblecode so that it still works, but cannot be reverseengineered. • Protect against reverse engineering (java byte code) • Hiding program (data and code) in plaintext within code • Example : algorithm that remove the code comments , insertdeadcode or unusable code, and renameidentifier such as variables, classes • Drawback : difficult to obfuscatearbitrary code. • obfuscating deterministic programs is impossible
Garbled Circuit Does not know which row of garbled table corresponds to which row of original table AND AND OR OR AND If Alice’s bit is 1, she simply sends k1x to Bob; if 0, she sends k0x NOT Alice’s inputs Bob’s inputs Ek0x(Ek0y(k0z)) k0z, k1z Ek0x(Ek1y(k0z)) Ek1x(Ek0y(k0z)) z k0x, k1x Ek1x(Ek1y(k1z)) If Alice’s bit is 1, she simply sends k1x to Bob; if 0, she sends k0x k0y, k1y z AND x y z Garbled Circuits x y z OR 0 0 0 y x 0 0 1 Truth table: 0 1 0 0 1 1 1 0 0 k0x, k1x k0y, k1y x y 1 1 1 1 1 1 • Compute any function securely • How Garbled circuit can protect mobile code? • 1- Convert the function into a Boolean circuit • 2- Pick Random Keys For Each Wire (One key corresponds to “0”, the other to “1” (6 keys in total for a • gate with 2 input wires) • 3-Alice encrypts each row of the truth table by encrypting the output-wire key with the corresponding • pair of input-wire keys • 4-Alice randomly permutes (“garbles”) encrypted truth table and sends it to Bob • 5-Alice sends the key corresponding to her input bit Keys are random, so Bob does not learn what this bit is • 6- Alice and Bob run oblivious transfer protocol ( a. Alice’s input is the two keys corresponding to Bob’s • wire b. Bob’s input into OT is simply his 1-bit input on that wire) Truth table: Drawback: Circuit size
Coding Theory • Coding theory is Methods to protect information against a noise • -Error-correcting codes are used to correct messages when they are transmitted through noisy channels. • Without coding theory and error-correcting codes there would be nodeep-space travel and pictures, no satellite TV, no compact disc, no … no … no …. • How Coding theory protect Mobile agent?. • Incorporation of error correcting codes to hide the function from a potential host. • Represent Agent code as Matrix • TransformsM to M’, where M’=M*P (P is a random matrix). • Attach M’ within a mobile agent. • Computes M’to output y’ by Host that receives the agent • Mobile agent returns to the originator with y’. • Originator uses the inverse of P, P-1, to computey from y’.
Privacy homomorphisms • Computing on encrypted data • Ability to Encrypt data in the cloud While still allowing the cloud to sear ch/sort/edit/… this data on my behalf • Keeping the data in the cloud in encrypted form Without needing to ship it back and forth to be decrypted • privacy homomorphism protect Mobile agent data privacy.
Function composition • Value fed to first function • Resulting value fed to second function • End result taken from second function • Given two functions: • p(x) = 2x + 1 • q(x) = x2 - 3 • Then p ( q(x) ) = • p (x2 - 3) = • 2 (x2 - 3) + 1 = • 2x2 - 5 • function composition protect mobile agent function privacy. • How function composition can protect confidentiality of mobile agent ? • Originator transforms function f using encryption function g. • Code of the agent is replaced by code that implements the composite function h = gof. • The originator sends the agent to a destination host. • Agent executed at the Host using the host’s input, and obtain encrypted output. • Host return encrypted output to the originator. • Originator “decrypts” the output using g-1.
Privacy homomorphisms • Directions • From: 19 Skyline Drive, Hawothorne, NY 10532, USA • To: Columbia University $skj#hS28ksytA@ … Source : IBM |NYU|ColumbiaTheory Day
Privacy homomorphisms $kjh9*mslt@na0&maXxjq02bflxm^00a2nm5,A4.pE.abxp3m58bsa(3saM%w,snanbanq~mD=3akm2,AZ,ltnhde83|3mz{ndewiunb4]gnbTa* kjew^bwJ^mdns0 typo Computing on Encrypted Data Source: IBM|NYU|ColumbiaTheory Day
Conclusion • Agent Technology is the future promising potential revolution in distributed computing. • Mobile agent systems offer many features and developed to replace client server paradigm • Security & Privacy two important factors that blocking the contribution of agent technology. • No optimal practical solution yet that can address all security and privacy issues
References • http://en.wikipedia.org/wiki/Mobile_agent • "Security in Mobile agents", by PadmaKapse • “Mobile Agent Programming in Ajanta” by AnandTripathi • Lange et al. (1999) states seven reasons why mobile agents are a good idea • Mobile Agents: Second International Workshop, MA'98, Stuttgart, Germany, Kurt Rotherme, Fritz Hohl • Rothermel et al Mobile Agent Systems: What is Missing? • IBM|NYU|Columbia Theory Day • Protecting Mobile Web-Commerce Agents with Smartcards , Stefan Funfroken, Dept of CS, Darmstadt Univ of Tech. , Germany : http://citeseer.nj.nec.com/unfrocken99protecting.html • http://www.cs.fsu.edu/research/reports/TR-050329.pdf" : • Mobile Agents: Are they a good idea? , David Chess, Colin Harrison, Aaron Kershenbaum: http://citeseer.nj.nec.com/chess95mobile.html • Is it an Agent, or just a Program? : A Taxonomy for Autonomous Agents, Stan Franklin and Art Graesser , Institute for Intelligent Systems, University of Memphis : http://www.cs.memphis.edu/~franklin • protecting Mobile Agents against Malicious Hosts, Tomas Sanders and Christian Tschudin. Proceedings of Workshop on Mobile Agents and Security, number 1419 in LCNS, pages 44-60, 1997: http://citeseer.nj.nec.com/sander98protecting.html • NIST Special Publication 800-19 – Mobile Agent Security: http://gunther.smeal.psu.edu/2276.html
Any Question ?